Normalization of deviance can kill

On January 28, 1986, the space shuttle Challenger
(mission STS-51-L) broke apart just 73 seconds after launch.
The seven-member crew of the shuttle lived until 3 minutes and
58 seconds after launch, which is when the crew compartment
struck the Atlantic Ocean at over 200 mph. The origins of the
Challenger disaster are traceable to issues ranging
from deep-seated human failings by top decision-makers to poor
and mishandled design decisions involving O-rings.

Failure scenario

An O-ring failure had been anticipated by more than one
competent individual well ahead of the launch. With honesty and
courage, the Thiokol engineers had issued early warnings
concerning the O-ring application at extreme cold temperatures.
Unfortunately for the Challenger crew, the minus-side
of the figurative ledger is populated by the usual
suspectsthe folks who prefer to drift with the prevailing
currents. Because of the disasters complexity and
ramifications, well over 100,000 pages of reports and findings
have been generated. Most documents are in the public domain,
and a few knowledgeable people have issued syntheses of the
vast amount of material.

Although many well-focused summaries apply to the process
industries, one has a special impact. It was prepared by
Richard Mike Mullane, a former astronaut, left, in
Fig. 1. Mr. Mullane had flown on three space
shuttle missions and is uniquely qualified to convey pertinent
facts regarding this program. In 2013, the author had two
opportunities to hear Mr. Mullane speak at ExxonMobils
(EMs) maintenance productivity
conferences. EM recognized that the lessons from the
Challenger disaster have great value to equipment
users in all modern industries.

Mr. Mullane spoke about original plans to have 26 space shuttle
ascents per year from different launch sites. He related how
these underfunded plans were so unrealistic as to rightly be
called an economic lie. Mr. Mullane examined why
bad things happen to teams with stellar credentials and
seemingly flawless success histories. His answers are found in
practices that are often observed in the hydrocarbon processing industry (HPI),
and are commonly called normalization of
deviance.1 Unfortunately, normalization of
deviance leads to predictable surprises and incompetent
engineering management, all adding to the risk of a
disaster.

Parallel conditions

The similarities between NASA and the HPI are uncanny. Some
reliability engineers in the HPI
find themselves getting away with deviation a, and
they know that they have also gotten away with deviations
b, c and d. When allowing
deviation e to be added to project, the engineers are surprised
that things blow up when the resulting safety margins drop
below zero. These engineers allow schedule pressures to dictate
the pace of work and reduce the time left for reviewing
details, thus leaving no time left for meaningful inspections
or verifications. These staffers allow procurement of lube oil,
gaskets, bearings or mechanical seals from the lowest bidder.
They tolerate an alliance partner whose overall quality is
inferior. They summarily reject higher initial-cost bidders
instead of determining the lifecycle costs. They either do not
know, or simply forget to explain to management that
purchasingat premium costfrom vendors with
application engineering expertise is the path to best
practices.

Solution

One option involves reliability professionals closely
mapping out career paths that require more nurturing and
grooming of knowledge. True professionals must develop an
aversion to repeat failures of equipment. More importantly,
they must offer researched facts instead of quick opinions. As
Mr. Mullane explained, it is often dangerous to structure an
initially favorable outcome into false feedback. The initial
absence of a problem does not mean that there will be no
problems later.2 Consider the automobile industry
and its history of vehicle recalls. How many times is
getting away with it not the equivalent of
always getting away with it?

Remedy

The prescription for soundly managed reliability engineering can be
lengthy, and it deserves more detailed explanations. Here are a
few of Mr. Mullanes findings to consider:

Recognize the vulnerability. Safety and
quality rank well above schedules.

Practice situational awareness.
Understand that, while a work environment will surely change
over the long run, it can also change unexpectedly in the
short term.

Interpret an anomalous result. Do not be
predisposed as to its cause.

Avoid shortcuts. Do not let an
aggressive can do culture maneuver support
shortcuts.

Review worst practices. Always stick to
best practices without compromise.

Speak up. If you see something amiss,
speak up and say something.

Review best practices. Periodically
reset best practices to meet conditions.

Convergence of bad decisions

Yes, the Challenger disaster had much to do with an
unsuitable joint design. But joints that survived were
the real anomaly here. While the unusually cold launch
temperature on January 1986 aggravated the design flaw, it was
certainly not the only reason for all of the flaws. Mr. Mullane
made that point masterfully. He managed to explain what stands
in the way of achieving true reliability. HP

The authorHEINZ P. BLOCH resides in Westminster,
Colorado. His professional career began in 1962 and
included long-term assignments as Exxon Chemicals
regional machinery specialist for the US. He has
authored over 580 publications, among them 18
comprehensive books on practical machinery management,
failure analysis, failure avoidance, compressors, steam
turbines, pumps, oil mist lubrication and practical
lubrication for industry. Mr. Bloch holds BS and MS
degrees in mechanical engineering. He is an ASME Life
Fellow and a registered professional engineer in New
Jersey and Texas.

Have your say

All comments are subject to editorial review.
All fields are compulsory.